/**
 * Copyright 2011 the original author or authors
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */
package it.av.spring.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.openid.OpenIDAttribute;
import org.springframework.security.openid.OpenIDAuthenticationToken;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * 
 * Custom {@link AuthenticationSuccessHandler} that create a new {@link OpenIDAuthenticationToken} that contains as a principal an
 * instance of {@link UserDetailsImpl} populated with "firstName", "lastName", "email" extracted from the available
 * {@link OpenIDAttribute}. The new OpenIDAuthenticationToken is set on the {@link SecurityContextHolder} overriding the previous
 * one.
 * 
 * @author Alessandro Vincelli
 * 
 */
public class YouEatAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements
        AuthenticationSuccessHandler {

    OpenIDAttributes2UserDetails attributes2UserDetails;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        OpenIDAuthenticationToken auth = (OpenIDAuthenticationToken) authentication;
        UserDetails details = attributes2UserDetails.extract((OpenIDAuthenticationToken) authentication);
        OpenIDAuthenticationToken openIDAuthenticationToken = new OpenIDAuthenticationToken(details, details.getAuthorities(),
                auth.getIdentityUrl(), auth.getAttributes());
        SecurityContextHolder.getContext().setAuthentication(openIDAuthenticationToken);
        handle(request, response, authentication);
    }

    public void setAttributes2UserDetails(OpenIDAttributes2UserDetails attributes2UserDetails) {
        this.attributes2UserDetails = attributes2UserDetails;
    }

}
